<!DOCTYPE HTML>
<html>
<head>
  <title>Test for Content Security Policy inline stylesheets stuff</title>
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<p id="display"></p>
<div id="content" style="display: none">
</div>

<iframe style="width:100%;height:300px;" id='cspframe1'></iframe>
<iframe style="width:100%;height:300px;" id='cspframe2'></iframe>
<script class="testbody" type="text/javascript">

//////////////////////////////////////////////////////////////////////
// set up and go
SimpleTest.waitForExplicitFinish();

var done = 0;

// When a CSP 1.0 compliant policy is specified we should block inline
// styles applied by <style> element, style attribute, and SMIL <animate> and <set> tags
// (when it's not explicitly allowed.)
function checkStyles(evt) {
  var cspframe = document.getElementById('cspframe1');
  var color;

  // black means the style wasn't applied.  green colors are used for styles
  //expected to be applied.  A color is red if a style is erroneously applied
  color = window.getComputedStyle(cspframe.contentDocument.getElementById('linkstylediv'),null)['color'];
  ok('rgb(0, 255, 0)' === color, 'External Stylesheet (' + color + ')');
  color = window.getComputedStyle(cspframe.contentDocument.getElementById('inlinestylediv'),null)['color'];
  ok('rgb(0, 0, 0)' === color, 'Inline Style TAG (' + color + ')');
  color = window.getComputedStyle(cspframe.contentDocument.getElementById('attrstylediv'),null)['color'];
  ok('rgb(0, 0, 0)' === color, 'Style Attribute (' + color + ')');
  color = window.getComputedStyle(cspframe.contentDocument.getElementById('csstextstylediv'),null)['color'];
  ok('rgb(0, 255, 0)' === color, 'cssText (' + color + ')');
  // SMIL tests
  color = window.getComputedStyle(cspframe.contentDocument.getElementById('xmlTest',null))['fill'];
  ok('rgb(0, 0, 0)' === color, 'XML Attribute styling (SMIL) (' + color + ')');
  color = window.getComputedStyle(cspframe.contentDocument.getElementById('cssOverrideTest',null))['fill'];
  ok('rgb(0, 0, 0)' === color, 'CSS Override styling (SMIL) (' + color + ')');
  color = window.getComputedStyle(cspframe.contentDocument.getElementById('cssOverrideTestById',null))['fill'];
  ok('rgb(0, 0, 0)' === color, 'CSS Override styling via ID lookup (SMIL) (' + color + ')');
  color = window.getComputedStyle(cspframe.contentDocument.getElementById('cssSetTestById',null))['fill'];
  ok('rgb(0, 0, 0)' === color, 'CSS Set Element styling via ID lookup (SMIL) (' + color + ')');

  color = window.getComputedStyle(cspframe.contentDocument.getElementById('modifycsstextdiv'),null)['color'];
  ok('rgb(0, 255, 0)' === color, 'Modify loaded style sheet via cssText (' + color + ')');

  checkIfDone();
}

// When a CSP 1.0 compliant policy is specified we should allow inline
// styles when it is explicitly allowed.
function checkStylesAllowed(evt) {
  var cspframe = document.getElementById('cspframe2');
  var color;

  // black means the style wasn't applied.  green colors are used for styles
  // expected to be applied.  A color is red if a style is erroneously applied
  color = window.getComputedStyle(cspframe.contentDocument.getElementById('linkstylediv'),null)['color'];
  ok('rgb(0, 255, 0)' === color, 'External Stylesheet (' + color + ')');
  color = window.getComputedStyle(cspframe.contentDocument.getElementById('inlinestylediv'),null)['color'];
  ok('rgb(0, 255, 0)' === color, 'Inline Style TAG (' + color + ')');
  color = window.getComputedStyle(cspframe.contentDocument.getElementById('attrstylediv'),null)['color'];
  ok('rgb(0, 255, 0)' === color, 'Style Attribute (' + color + ')');

  // Note that the below test will fail if "script-src: 'unsafe-inline'" breaks,
  // since it relies on executing script to set .cssText
  color = window.getComputedStyle(cspframe.contentDocument.getElementById('csstextstylediv'),null)['color'];
  ok('rgb(0, 255, 0)' === color, 'style.cssText (' + color + ')');
  // SMIL tests
  color = window.getComputedStyle(cspframe.contentDocument.getElementById('xmlTest',null))['fill'];
  ok('rgb(0, 255, 0)' === color, 'XML Attribute styling (SMIL) (' + color + ')');
  color = window.getComputedStyle(cspframe.contentDocument.getElementById('cssOverrideTest',null))['fill'];
  ok('rgb(0, 255, 0)' === color, 'CSS Override styling (SMIL) (' + color + ')');
  color = window.getComputedStyle(cspframe.contentDocument.getElementById('cssOverrideTestById',null))['fill'];
  ok('rgb(0, 255, 0)' === color, 'CSS Override styling via ID lookup (SMIL) (' + color + ')');
  color = window.getComputedStyle(cspframe.contentDocument.getElementById('cssSetTestById',null))['fill'];
  ok('rgb(0, 255, 0)' === color, 'CSS Set Element styling via ID lookup (SMIL) (' + color + ')');

  color = window.getComputedStyle(cspframe.contentDocument.getElementById('modifycsstextdiv'),null)['color'];
  ok('rgb(0, 255, 0)' === color, 'Modify loaded style sheet via cssText (' + color + ')');

  checkIfDone();
}

function checkIfDone() {
  done++;
  if (done == 2)
    SimpleTest.finish();
}

// save this for last so that our listeners are registered.
// ... this loads the testbed of good and bad requests.
document.getElementById('cspframe1').src = 'file_inlinestyle_main.html';
document.getElementById('cspframe1').addEventListener('load', checkStyles, false);
document.getElementById('cspframe2').src = 'file_inlinestyle_main_allowed.html';
document.getElementById('cspframe2').addEventListener('load', checkStylesAllowed, false);

</script>
</pre>
</body>
</html>
